Users Guide

368 | Certificate Revocation Dell Networking W-Series ArubaOS 6.4.x| User Guide
9. In the Revocation Checkpoint pane, click Edit next to the revocation checkpoint that you want to configure. The Revocation Checkpoint pane displays.
10. In the Revocation Check field, select ocsp from the Method 1 drop-down list as the primary check method.
11. In the OCSP URL field, enter the URL of the OCSP responder.
12. In the OCSP Responder Cert field, select the OCSP certificate you want to configure from the drop-down menu.
13. Click Apply.
In the CLI
This example configures an OCSP client with OCSP as the revocation check method for revocation checkpoint CARoot.
The OCSP responder certificate is configured as RootCA-Ocsp_responder. The corresponding OCSP responder service is available at http://10.4.46.202/ocsp.
(host) (config) #crypto-local pki rcp CARoot
(host) (RCP-CARoot) #ocsp-responder-cert RootCA-Ocsp_responder
(host) (RCP-CARoot) #ocsp-url http://10.4.46.202/ocsp
(host) (RCP-CARoot) #revocation-check ocsp
The show crypto-local pki OCSPResponderCert CLI command lists the contents of the OCSP Responder Certificate store.
The show crypto-local pki revocation checkpoint rcp_name CLI command shows the entire
configuration for a given revocation checkpoint.
Configuring the Controller as a CRL Client
CRL is the traditional method of checking certificate validity. When you want to check certificate validity using a
CRL, import the CRL. You can import CRLs only through the WebUI.
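A pre-upload check for the CRL file, added here as an example and not taken from the product documentation: because CRLs are imported by hand, it reports the file's encoding (the value needed for the Certificate Format menu), the thisUpdate/nextUpdate window, and the number of revoked entries. The function names and the sample CRL are constructed for illustration, and the CRL signature is not verified.

```python
import base64
from datetime import datetime, timezone

def tlv(tag, body=b""):
    """DER-encode one element; used only to build the constructed sample."""
    n = len(body)
    length = bytes([n]) if n < 128 else bytes([0x81, n])  # sample stays under 256 bytes
    return bytes([tag]) + length + body

def children(buf):
    """Split a constructed DER value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def parse_time(tag, val):
    """UTCTime (0x17) or GeneralizedTime (0x18) to an aware datetime (%y pivots at 69)."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(val.decode(), fmt).replace(tzinfo=timezone.utc)

def inspect_crl(data, now):
    """Report encoding, validity window and revoked count; a missing nextUpdate counts as stale."""
    marker = b"-----BEGIN X509 CRL-----"
    fmt = "PEM" if marker in data else "DER"
    if fmt == "PEM":
        data = base64.b64decode(data.split(marker)[1].split(b"-----END X509 CRL-----")[0])
    tbs = children(children(data)[0][1])[0][1]  # CertificateList -> TBSCertList
    fields = children(tbs)
    times = [parse_time(t, v) for t, v in fields if t in (0x17, 0x18)]
    seqs = [v for t, v in fields if t == 0x30]  # signature alg, issuer, [revokedCertificates]
    revoked = len(children(seqs[2])) if len(seqs) > 2 else 0
    next_update = times[1] if len(times) > 1 else None
    return {"format": fmt, "this_update": times[0], "next_update": next_update,
            "revoked": revoked, "stale": next_update is None or now >= next_update}

def sample_crl():
    """Constructed DER CRL: CN=Example CA, one revoked serial, placeholder signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example CA"))))
    revoked = tlv(0x30, tlv(0x30, tlv(0x02, b"\x10") + tlv(0x17, b"240101000000Z")))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + name + tlv(0x17, b"240101000000Z")
              + tlv(0x17, b"240201000000Z") + revoked)
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(33)))
```

For a real file, pass its bytes and `datetime.now(timezone.utc)` to `inspect_crl`; a result with `stale` set to true means the issuing CA should already have published a newer CRL.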
In the WebUI
1. Navigate to the Configuration > Management > Certificates > Upload page.
2. Enter a name in the Certificate Name field. This name identifies the CRL certificate you are uploading.
3. Enter the certificate file name in the Certificate Filename field. Use Browse to enter the full pathname.
4. Select the certificate format from the Certificate Format drop-down menu.
5. Select CRL from the Certificate Type drop-down menu.
A revocation check method (OCSP or CRL) can be chosen independently for every revocation checkpoint. This example describes only the CRL check method.
Once this CRL is uploaded, it is maintained in the store for CRLs. These CRLs are used for signature verification.
6. Click Upload. The CRL appears in the Certificate Lists pane. Select CRL from the Group drop-down list if you want to display only CRLs.
7. For detailed information about an uploaded CRL, click View next to the CRL.
8. Select the Revocation Checkpoint tab.